Moba Ransomware
The Moba Ransomware is a file-locking Trojan that's from STOP Ransomware's Ransomware-as-a-Service. Although its primary feature is blocking digital media, it may interfere with the user's Web-browsing connections and delete backups. Users should let their anti-malware programs protect their files by removing the Moba Ransomware on sight and related threats like AZORult.
The STOP Ransomware Continues Careening into Users' Files
Without any suggestions that it might come close to living up to its name, the STOP Ransomware, still, is a highly-active and varied Ransomware-as-a-Service heading into the end of June. The RaaS, formerly defeated by a database leak and a free decryption service arising from it, is back to being secure, as of recent versions like the Moba Ransomware. However, the Moba Ransomware is just one of many weaponized encryption programs in the family and comes long after the Grovat Ransomware, the Lokf Ransomware, the Reco Ransomware, the Todar Ransomware and others.
The Moba Ransomware (whose name is a possible reference to an online gaming subgenre) can encrypt the most commonly-used formats of documents, pictures and other media. The extension that it appends, the 'moba' from its name, is one of the only changes that malware experts see that makes the Moba Ransomware any different from its recent ancestors. The threat is compatible with just Windows but can harm most versions, including Windows 10.
This encryption keeps the media from opening and provides the Moba Ransomware with the 'bargaining chip' for its ransom message. Its message, a text file, is a copy-paste of the current template for the STOP Ransomware – offering a 'discount' before a deadline, a 'free demo,' and asking for hundreds of dollars, minimum. While users may gamble on this ransom, malware experts recommend consulting with cyber-security experts with experience versus the RaaS industry, first. In some STOP Ransomware infections, if not many, free recovery is possible.
Getting Off of a Crash Course with Data Extortion
The Moba Ransomware's encryption often is incapable of reversal by any well-intentioned third parties. Despite this problem, would-be victims have many ways of protecting themselves from the well-publicized infection vectors of this family. Securing Remote Desktop admin features, using strong passwords, disabling high-risk features like macros, and refusing illicit downloads are all applicable immediate defensive options. Unlike some file-locking Trojans, the Moba Ransomware's family may pick targets arbitrarily or trick random victims into infecting their computers.
The value of a backup is inestimable against file-locking Trojans. Currently, the Moba Ransomware limits its ransom demands to just under one thousand USD, but criminals may take this money and not give any service back to the client. In nearly all transactions, the specification of a cryptocurrency further solidifies the riskiness of the deal and the lack of accountability for the threat actor.
Qualified anti-malware services also are highly useful for deleting file-locking Trojans and should be capable of removing the Moba Ransomware and other STOP Ransomware variations.
The Moba Ransomware adds to the count of Ransomware-as-a-Services with updates to well-polished, if illicit, business models. Users will need to disrupt that way of doing business by protecting their digital media if they don't want more of the same for the rest of 2020.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.